ISSA-LA Security Summit 2024

Whether you are an SMB, Enterprise, or MSSP, you need to know what your endpoints are running. You need to know your endpoints are secured and have not drifted from running approved software. You need to know your endpoints have the proper patches for the OS, software, and even device drivers. This is only possible with solutions that are dedicated for such tasks. Let 20X Microsoft MVP Derek Melber describe the ideal scenario that every organization can create to help them establish endpoints that can withstand some of the most brutal attacks.

A critical analysis of key events and trends that have led to the current state, exploring how commercialization, mass surveillance and the rise of big data analytics have contributed to the erosion of digital privacy & security.

The cybersecurity landscape is filled with illusions.

Traditional defenses focus on building ever-higher walls, but attackers are constantly innovating ways to bypass them. This talk explores the concept of the "Cybersecurity Mirage," where seemingly robust defenses offer a false sense of security; moreover, companies continue to spend billions of dollars chasing something that is not attainable. So many worry about the Advanced Persistent Threat (APT), but they need to start with the Basic Persistent Threat. We need a paradigm shift and accept that the way we have been doing security is flawed and broken and to continue this way is the true definition of insanity.

Join me as I show empirical evidence of simple ways to confuse and frustrate attackers once they have broken through the existing flawed security solutions and embark on the path of Proactive Resilience. We will accomplish this with simple and easy to do network tricks that for some reason have been forgotten! It is time to remember them again!

A case study providing an example of the kinds of analysis that goes into responding to a phishing email. This example includes very in-depth technical analysis of the email, its attachment, and the websites the victim would interact with, in order to show the kinds of digital forensics and online investigation skills employed by a SOC Analyst responding to a targeted phishing campaign.